Blog Comments with invalid ModuleId

This is the place to report bugs and get support. When posting in this forum, please always provide as much detail as possible.

Please do not report problems with a custom build or custom code in this forum. If you are producing your own build from the source code and have problems or questions, ask in the developer forum, do not report it as a bug.

This is the place to report bugs and get support

When posting in this forum, please try to provide as many relevant details as possible. Particularly the following:

What operating system were you running when the bug appeared?
What database platform is your site using?
What version of mojoPortal are you running?
What version of .NET do you use?
What steps are necessary to reproduce the issue? Compare expected results vs actual results.

This thread is closed to new posts. You must sign in to post in the forums.

9/13/2007 10:32:28 AM

Tom Opgenorth

Total Posts 26

View Posts

Microsoft MVP in C#

Blog Comments with invalid ModuleId

Just noticed something in the mp_blogcomments table (MySQL). It seems that there were a bunch of blog comments that had an invalid module id, comments from spammers. I suspect that somebody had crafted the POST to insert the comments (nearly 300 in total).

Has anybody else seen this?

9/13/2007 12:29:44 PM

Joe Audette

Total Posts 18439

View Posts

Re: Blog Comments with invalid ModuleId

Hi Tom,

Yes I confirm that bug. I don't think the post was specially crafted, I think just the url was changed so that the ids were invalid. I've added checks for that and now it just hides the form if anything looks manipulated.

I've uploaded new files versioned 2-2-3-8-1, just backup mojoPortal.Business.dll and mojoPortal.Web.dll and replace with the new ones.

Thanks,

Joe

You must sign in to post in the forums. This thread is closed to new posts.